The 3 Must Knows of Sandboxing

Sandboxes have been touted as a high-ranking method to prevent a cyber-attack on organizations because they allow you to test everything before it can affect your production environment. But does that come with a cost and are they as effective as vendors would like us to believe?

Play Time in the Sandbox?

Most of us know a sandbox as a fun place where children play at the playground. Similarly, for IT professionals, sandboxes have long been considered a safe place to develop and test code before it is launched into production environments. For security professionals, though, sandboxing has been seen as a way to spot zero-day threats and stealthy attacks. However, as the “arms race” between attacker and defender continues, malware authors keep finding clever ways to evade sandbox detection.

Many IT security professionals and CISOs continue to rely too heavily on a sandboxing strategy alone to protect their resources. Meanwhile, the bullies of the cyber world are continuously finding new ways to “play” in the sandbox.

Myth vs. Reality

While sandboxes do provide a layer of prevention in your cyber threat prevention strategy, they come with a tax that may be too high for most organizations to pay. The three myths commonly associated with sandbox technology in a cyber threat prevention strategy are:

Myth: Sandboxes are Fast

Reality: Sandboxes are slow. By the very way sandboxes operate, all data that enters your operating system, network or application has to pass through the sandbox and be detonated there to determine whether any malware is hidden in it. This can add significant delays to communication, especially in organizations that transfer tens of thousands to millions of emails and files daily.

Myth: Sandboxes are Cost Effective

Reality: Sandboxes are resource intensive (read: expensive). The hardware needed to build a secure sandbox depends directly on your application environment, because you have to duplicate every scenario in order to test for a possible breach. This is expensive from a hardware and software perspective, and the human resources needed to keep those environments current with the latest updates are not insignificant either.

Myth: Sandboxes Alone are Fool-Proof

Reality: Sandboxes can be spoofed. Sometimes a belief in a fool-proof method to prevent cyber-attacks is too good to be true. So much so that hackers even publish methods for exploiting sandbox weaknesses.

Today’s enterprise networks are no longer defined by their perimeters, with services that span public and private environments, diverse infrastructure underlays, and a growing number of application options and sources.

The Sandbox Alternative

Businesses truly looking to prevent, and not merely remediate, cyber-attacks need to consider a platform with an evasion-proof approach that does not require sandboxing. By doing so, the customer gains the degree of flexibility needed to deliver end-to-end security across a changing threat landscape.

Whether on-premises or in the cloud, the platform should operate consistently, fully separating environment variables from security logic. Similarly, the platform should be agnostic to the underlying infrastructure and able to protect hybrid environments, including a mix of virtual, hardware, and XaaS-consumed infrastructure. To provide true end-to-end security, the platform needs to give customers flexibility and consistency that is not restricted to a particular vertical.

While sandboxes do provide a layer of prevention in a cyber threat prevention strategy, they come with a tax that may be too high for most organizations to pay.

About the author: Boris Vaynberg co-founded Solebit LABS Ltd. in 2014 and serves as its Chief Executive Officer. Mr. Vaynberg has more than a decade of experience in leading large-scale cyber- and network security projects in the civilian and military intelligence sectors.
